CVE-2024-44986

Published: Sep 4, 2024

Modified: May 23, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible UAF in ip6_finish_output2() If skb_expand_head() returns NULL, skb has been freed and associated dst/idev could also have been freed. We need to hold rcu_read_lock() to make sure the dst and associated idev are alive.

Vendor	Product	Versions
Linux	Linux	affected `5796015fa968a3349027a27dcd04c71d95c53ba5 - < e891b36de161fcd96f12ff83667473e5067b9037` affected `5796015fa968a3349027a27dcd04c71d95c53ba5 - < 3574d28caf9a09756ae87ad1ea096c6f47b6101e` affected `5796015fa968a3349027a27dcd04c71d95c53ba5 - < 6ab6bf731354a6fdbaa617d1ec194960db61cf3b` affected `5796015fa968a3349027a27dcd04c71d95c53ba5 - < 56efc253196751ece1fc535a5b582be127b0578a` affected `5796015fa968a3349027a27dcd04c71d95c53ba5 - < da273b377ae0d9bd255281ed3c2adb228321687b` +6 more versions
Linux	Linux	affected `5.14` unaffected `0 - < 5.14` unaffected `5.15.166 - <= 5.15.` unaffected `6.1.107 - <= 6.1.` unaffected `6.6.48 - <= 6.6.*` +2 more versions

References

https://git.kernel.org/stable/c/e891b36de161fcd96f12ff83667473e5067b9037

https://git.kernel.org/stable/c/3574d28caf9a09756ae87ad1ea096c6f47b6101e

https://git.kernel.org/stable/c/6ab6bf731354a6fdbaa617d1ec194960db61cf3b

https://git.kernel.org/stable/c/56efc253196751ece1fc535a5b582be127b0578a

https://git.kernel.org/stable/c/da273b377ae0d9bd255281ed3c2adb228321687b

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-44986

Description

Affected Products

References